Current DPI (Deep Packet Inspection) solutions classify network traffic according to rules obtained by analyzing historical network data. That implementation, known as signature-based or a supervised approach, has as a principal limitation of the incapacity to discover new traffic in the network and provide information about the unlabeled (unknown) traffic. State of the art DPI implementations can calculate the amount of “unclassified” traffic, however, such implementations are unable to provide information about how the unknown traffic looks and what the grade of similarity is with already labeled traffic.
There is thus a need for addressing these and/or other issues associated with the prior art.